PT-2015-6144 · Ca · Ca Network/Systems Management+5

Published 2015-06-17 · Updated 2021-04-09 · CVE-2015-3316

CVSS v2.0: 4.6 Medium

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

CA Client Automation versions r12.5 SP01, r12.8, and r12.9
CA Network and Systems Management versions r11.0, r11.1, and r11.2
CA NSM Job Management Option versions r11.0, r11.1, and r11.2
CA Universal Job Management Agent (affected versions not specified)
CA Virtual Assurance for Infrastructure Managers versions 12.6, 12.7, 12.8, and 12.9
CA Workload Automation AE versions r11, r11.3, r11.3.5, and r11.3.6

Description

The issue allows local users to gain privileges via an unspecified environment variable.

Recommendations

For CA Client Automation versions r12.5 SP01, r12.8, and r12.9, restrict access to sensitive environment variables until a fix is available.
For CA Network and Systems Management versions r11.0, r11.1, and r11.2, consider disabling the use of environment variables in the affected component.
For CA NSM Job Management Option versions r11.0, r11.1, and r11.2, avoid using unspecified environment variables in the affected module.
For CA Universal Job Management Agent, at the moment, there is no information about a newer version that contains a fix for this issue.
For CA Virtual Assurance for Infrastructure Managers versions 12.6, 12.7, 12.8, and 12.9, restrict the use of environment variables to minimize the risk of exploitation.
For CA Workload Automation AE versions r11, r11.3, r11.3.5, and r11.3.6, consider applying configuration changes to limit the impact of the issue.

Fix

Related Identifiers

CVE-2015-3316

Affected Products

CA Client Automation
CA NSM Job Management Option
CA Network/Systems Management
CA Universal Job Management Agent
CA Virtual Assurance for Infrastructure Managers
CA Workload Automation AE